Firefox, the Browser of the Future?

[next]

Firefox, the Browser of the Future?

By Scott Clark.

As developers, the evolution of web browsers is something we're all concerned about. How are they the same? How do they differ? Who's winning the so-called browser war? What about security? Web standards? Just what are the current statistics in this world of browser madness? Does any one browser have an advantage over the others? With these questions in mind, we spoke to Chris Hofmann, Director of Engineering of the Mozilla Foundation, and asked him about Firefox and where it's headed.

According to W3Schools--which admits that its audience is more browser-biased than other, more general sites--MSIE users account for 63.5 percent of users, while Firefox has substantially moved up in the world, accounting for 26.3 percent of users. Netscape users account for slightly less than 1 percent, and Opera users account for another 1.8 percent of users (leaving 7.5 percent of users unaccounted for). You can check the W3School's stats yourself here. Our own stats show that Firefox has captured a total of 19.53% of the market, an impressive increase from past months.

As noted above, Firefox is making great strides when it comes to its user base. Many developers are actively promoting the use of Firefox, whether it's by developing sites specifically for the browser, or encouraging users to download it and give it a try, promoting it as a more secure alternative to MSIE. So what's so special about this browser?

Firefox Security

We asked Chris what he sees as the single most important feature for a web browser. He explained: "Most people try out Firefox because they have heard it provides a solution for the many security and privacy problems they have encountered with Internet Explorer. AOL and Earthlink studies reported in a US congressional hearing showed that as many of 80% of [Microsoft] Windows and Internet Explorer (IE) users have been impacted by Spyware, Adware, Viruses and Security Exploits that have been tied to Windows and IE. Kim Komando of USA today has a good recent write up of how users are affected. Firefox does not provide or support ActiveX or the complex security zone model that is built into IE."

When asked why they don't support ActiveX, Chris replied: "Firefox doesn't provide support for proprietary technologies such as ActiveX and the Microsoft Security Zone model [because] these two features set up the possibility for the silent download, installation, and execution of remote code as a feature of the browser. It's a powerful feature that web developers can take advantage of, but has also proven to be a feature that is prone to security and privacy problems. In the late 1990's, security experts warned of the potential problems with ActiveX and security zones. This article published in 2002 about the most 'Dangerous Software Ever Written' highlighted many of the problems that have recently been exposed as security exploits. It wasn't until six months later that Microsoft announced their 'Trusted Computing Initiative.' 18 months after that, Microsoft provided the first steps toward securing problems in IE with the release of Windows XP Service Pack 2."

"The different approach taken on the Mozilla Project is to keep users in control and aware of dangerous actions like downloading, installation, and execution of remote code. We also think it is important to engage security experts on the Mozilla project (any security researcher can download all the code), encourage security research (we offer $500 bug bounties to encourage research), and to act quickly on the feedback we get from these experts. A study by scanit.be (an independent security research firm) shows the dramatic difference in response time and the ability to stay on top of security problems between Microsoft and the Mozilla Project."

[Editor's note: According to Secunia, a security and vulerability reporting site, Microsoft's history when it comes to patching security problems is indeed sketchy. A "Solution Status" pie graph on their site shows the percentages of "Unpatched" (30%), "Vendor Patched" (55%), "Vendor Workaround" (2%) and "Partial Fixed" (14%) security advisories affecting Microsoft Internet Explorer 6.x. that were reported by Secunia from 2003 to 2005. That said, the Solution Status pie graph for the same time period for security advisories affecting Firefox isn't much better: "Unpatched" (32%), "Vendor Patched" (63%), "Vendor Workaround" (0%) and "Partial Fixed" (5%).]

Web Standards?

Given that web standards are so important to developers, we asked whether Firefox will continue to stay as close to the standard as possible going forward. Chris said: "Standards have really stagnated or turned into large monolithic efforts in recent years. The Mozilla Foundation and the Opera and Safari development teams are attempting to inject some innovation into the standards process to keep the web moving forward as great development platform. Brendan and others have blogged about this and there was a lot of discussion at the recent Xtech Conference. The idea of moving the web forward incrementally with standards that can be implemented by the browser development teams is important to us. Initiatives are underway with plugins, SVG, and several other areas."

Firefox Already Does RSS

We asked about new features in regards to RSS in upcoming Firefox releases (especially in light of recent news about MSIE 7.0's Support for RSS). Chris was very enthusiastic, and replied that "Firefox broke new ground with features that began to expose RSS in the browser. There is still is a lot of room for innovation with RSS in the browser and we have a lot of people thinking about that on the project. I'm anxious to get RSS support into the browser project we have for small hand held devices. I think RSS is really going to help there where the devices have limitations on screen size and input methods. RSS is going to help people get to the content they want easier and faster."

[next]